tls1_generate_master_secret,
tls1_change_cipher_state,
tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
tls1_export_keying_material,
SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV,
- DTLS1_HM_HEADER_LENGTH,
dtls1_set_handshake_header,
dtls1_close_construct_packet,
dtls1_handshake_write
tls1_generate_master_secret,
tls1_change_cipher_state,
tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
tls1_export_keying_material,
SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS
| SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS,
- DTLS1_HM_HEADER_LENGTH,
dtls1_set_handshake_header,
dtls1_close_construct_packet,
dtls1_handshake_write
unsigned char seq[SEQ_NUM_SIZE];
const unsigned char *data;
unsigned char *buf;
- unsigned long fragoff, fraglen, msglen;
+ size_t fragoff, fraglen, msglen;
unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
BIO *rbio, *wbio;
BUF_MEM *bufm;
return -1;
}
if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt),
- PACKET_remaining(&cookiepkt)) ==
- 0) {
+ (unsigned int)PACKET_remaining(&cookiepkt)) == 0) {
/*
* We treat invalid cookies in the same was as no cookie as
* per RFC6347
BIO_ADDR_free(tmpclient);
tmpclient = NULL;
+ /* TODO(size_t): convert this call */
if (BIO_write(wbio, buf, wreclen) < (int)wreclen) {
if (BIO_should_retry(wbio)) {
/*
/* Set to min mtu */
s->d1->mtu = dtls1_min_mtu(s);
BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
- s->d1->mtu, NULL);
+ (long)s->d1->mtu, NULL);
}
} else
return 0;
};
static int find_profile_by_name(char *profile_name,
- SRTP_PROTECTION_PROFILE **pptr, unsigned len)
+ SRTP_PROTECTION_PROFILE **pptr, size_t len)
{
SRTP_PROTECTION_PROFILE *p;
do {
col = strchr(ptr, ':');
- if (!find_profile_by_name(ptr, &p, col ? col - ptr : (int)strlen(ptr))) {
+ if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
+ : strlen(ptr))) {
if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
return ret;
}
-int pqueue_size(pqueue *pq)
+size_t pqueue_size(pqueue *pq)
{
pitem *item = pq->items;
int count = 0;
memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
}
-int ssl3_pending(const SSL *s)
+size_t ssl3_pending(const SSL *s)
{
- unsigned int i;
- int num = 0;
+ size_t i, num = 0;
if (s->rlayer.rstate == SSL_ST_READ_BODY)
return 0;
packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
- max_send_fragment, NULL);
+ (int)max_send_fragment, NULL);
if (len >= 8 * max_send_fragment)
packlen *= 8;
} else if (tot == len) { /* done? */
/* free jumbo buffer */
ssl3_release_write_buffer(s);
- return tot;
+ *written = tot;
+ return 1;
}
n = (len - tot);
void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
-__owur int ssl3_pending(const SSL *s);
+__owur size_t ssl3_pending(const SSL *s);
__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len,
size_t *written);
int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
int ssl3_release_write_buffer(SSL *s)
{
SSL3_BUFFER *wb;
- unsigned int pipes;
+ size_t pipes;
pipes = s->rlayer.numwpipes;
while (pipes > 0) {
ssl3_generate_master_secret,
ssl3_change_cipher_state,
ssl3_final_finish_mac,
- MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
SSL3_MD_CLIENT_FINISHED_CONST, 4,
SSL3_MD_SERVER_FINISHED_CONST, 4,
ssl3_alert_code,
size_t, const unsigned char *, size_t,
int use_context))ssl_undefined_function,
0,
- SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
tls_close_construct_packet,
ssl3_handshake_write
case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
*(unsigned char **)parg = s->tlsext_ocsp_resp;
+ if (s->tlsext_ocsp_resplen == 0)
+ return -1;
return s->tlsext_ocsp_resplen;
case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
int i;
size_t finish_md_len;
const char *sender;
- int slen;
+ size_t slen;
if (s->server)
i = SSL3_CHANGE_CIPHER_SERVER_READ;
(int (*)(SSL *, int))ssl_undefined_function,
(size_t (*)(SSL *, const char *, size_t, unsigned char *))
ssl_undefined_function,
- 0, /* finish_mac_length */
NULL, /* client_finished_label */
0, /* client_finished_label_len */
NULL, /* server_finished_label */
s->tlsext_ocsp_ids = NULL;
s->tlsext_ocsp_exts = NULL;
s->tlsext_ocsp_resp = NULL;
- s->tlsext_ocsp_resplen = -1;
+ s->tlsext_ocsp_resplen = 0;
SSL_CTX_up_ref(ctx);
s->initial_ctx = ctx;
#ifndef OPENSSL_NO_EC
int SSL_pending(const SSL *s)
{
+ size_t pending = s->method->ssl_pending(s);
+
/*
* SSL_pending cannot work properly if read-ahead is enabled
* (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
* impossible to fix since SSL_pending cannot report errors that may be
* observed while scanning the new data. (Note that SSL_pending() is
* often used as a boolean value, so we'd better not return -1.)
+ *
+ * SSL_pending also cannot work properly if the value >INT_MAX. In that case
+ * we just return INT_MAX.
*/
- return (s->method->ssl_pending(s));
+ return pending < INT_MAX ? pending : INT_MAX;
}
int SSL_has_pending(const SSL *s)
const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt,
size_t *len);
- int (*ssl_pending) (const SSL *s);
+ size_t (*ssl_pending) (const SSL *s);
int (*num_ciphers) (void);
const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
long (*get_timeout) (void);
X509_EXTENSIONS *tlsext_ocsp_exts;
/* OCSP response received or to be sent */
unsigned char *tlsext_ocsp_resp;
- int tlsext_ocsp_resplen;
+ size_t tlsext_ocsp_resplen;
/* RFC4507 session ticket expected to be received or sent */
int tlsext_ticket_expected;
# ifndef OPENSSL_NO_EC
pitem *pqueue_find(pqueue *pq, unsigned char *prio64be);
pitem *pqueue_iterator(pqueue *pq);
pitem *pqueue_next(piterator *iter);
-int pqueue_size(pqueue *pq);
+size_t pqueue_size(pqueue *pq);
typedef struct dtls1_state_st {
unsigned char cookie[DTLS1_COOKIE_LENGTH];
size_t, size_t *);
int (*change_cipher_state) (SSL *, int);
size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *);
- int finish_mac_length;
const char *client_finished_label;
- int client_finished_label_len;
+ size_t client_finished_label_len;
const char *server_finished_label;
- int server_finished_label_len;
+ size_t server_finished_label_len;
int (*alert_value) (int);
int (*export_keying_material) (SSL *, unsigned char *, size_t,
const char *, size_t,
int use_context);
/* Various flags indicating protocol version requirements */
uint32_t enc_flags;
- /* Handshake header length */
- unsigned int hhlen;
/* Set the handshake header */
int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type);
/* Close construction of the handshake message */
int (*do_write) (SSL *s);
} SSL3_ENC_METHOD;
-# define SSL_HM_HEADER_LENGTH(s) s->method->ssl3_enc->hhlen
-# define ssl_handshake_start(s) \
- (((unsigned char *)s->init_buf->data) + s->method->ssl3_enc->hhlen)
# define ssl_set_handshake_header(s, pkt, htype) \
s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype))
# define ssl_close_construct_packet(s, pkt, htype) \
MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
{
int al;
- unsigned long resplen;
+ unsigned long resplenl;
+ size_t resplen;
unsigned int type;
if (!PACKET_get_1(pkt, &type)
SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_UNSUPPORTED_STATUS_TYPE);
goto f_err;
}
- if (!PACKET_get_net_3(pkt, &resplen)
- || PACKET_remaining(pkt) != resplen) {
+ if (!PACKET_get_net_3(pkt, &resplenl)
+ || PACKET_remaining(pkt) != resplenl) {
al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_CERT_STATUS, SSL_R_LENGTH_MISMATCH);
goto f_err;
}
+ resplen = resplenl;
s->tlsext_ocsp_resp = OPENSSL_malloc(resplen);
if (s->tlsext_ocsp_resp == NULL) {
al = SSL_AD_INTERNAL_ERROR;
{
size_t finish_md_len;
const char *sender;
- int slen;
+ size_t slen;
if (s->server) {
sender = s->method->ssl3_enc->server_finished_label;
static void ssl3_take_mac(SSL *s)
{
const char *sender;
- int slen;
+ size_t slen;
/*
* If no new cipher setup return immediately: other functions will set
* the appropriate error.
tls1_generate_master_secret,
tls1_change_cipher_state,
tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
tls1_export_keying_material,
0,
- SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
tls_close_construct_packet,
ssl3_handshake_write
tls1_generate_master_secret,
tls1_change_cipher_state,
tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
tls1_export_keying_material,
SSL_ENC_FLAG_EXPLICIT_IV,
- SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
tls_close_construct_packet,
ssl3_handshake_write
tls1_generate_master_secret,
tls1_change_cipher_state,
tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
tls1_export_keying_material,
SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF
| SSL_ENC_FLAG_TLS1_2_CIPHERS,
- SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
tls_close_construct_packet,
ssl3_handshake_write
tls1_generate_master_secret,
tls1_change_cipher_state,
tls1_final_finish_mac,
- TLS1_FINISH_MAC_LENGTH,
TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
tls1_alert_code,
tls1_export_keying_material,
SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF
| SSL_ENC_FLAG_TLS1_2_CIPHERS,
- SSL3_HM_HEADER_LENGTH,
ssl3_set_handshake_header,
tls_close_construct_packet,
ssl3_handshake_write
*/
OPENSSL_free(s->tlsext_ocsp_resp);
s->tlsext_ocsp_resp = NULL;
- s->tlsext_ocsp_resplen = -1;
+ s->tlsext_ocsp_resplen = 0;
switch (ret) {
case SSL_TLSEXT_ERR_ALERT_FATAL:
projects / openssl.git / commitdiff